Create an Aurora Protect Mobile policy

You create and assign an Aurora Protect Mobile policy to users and groups to enable the service and control which features you want to use.

You can configure risk assessment settings in the policy to map the alerts that are detected by the Aurora Protect Mobile app to risk levels (for example, you can specify that compromised devices should be treated as high risk). The risk levels of the alerts are used to determine a mobile device's overall risk level. You can view the device risk level in the management console (Assets > Mobile Devices and in the device details). Note that there is no default configuration of the risk assessment settings.

If you integrate Cylance Endpoint Security with Microsoft Intune, Aurora Endpoint Security will periodically send the overall risk level of a mobile device to Intune. You can use Intune to configure mitigation actions for device risk levels.

  1. In the management console, on the menu bar, click Policies > User Policy.
  2. On the Protect Mobile tab, click Add Policy.
  3. Type a name and description for the policy.
  4. In the Notifications section, you can specify the count and interval of the notifications that the Aurora Protect Mobile app provides to the user when it detects a threat. You specify the type of notification (device, email, or no notification) in the Device Settings section (step 6).
  5. In the Data privacy section, if you want to obfuscate certain pieces of information when the Aurora Protect Mobile app reports a threat so that the information cannot be stored and displayed in the management console in plain text, turn on Data privacy, then select the fields that you want to obfuscate.
  6. In the Device Settings section, click Android or iOS and turn on the features that you want to use. For more information about the Aurora Protect Mobile features, see Key features of Aurora Protect Mobile. Note that sideload detection is not supported for iOS 17.5 and later.
    1. For each feature that you enable, select the appropriate check box to enable or disable device notifications and email notifications. If you turn off device and email notifications, the user must open the Aurora Protect Mobile app to view alerts.
    2. If you enable any of the following features, complete these additional steps:

    Feature: Malicious apps
    Platform: Android
    Additional steps:
    1. To exempt apps on the safe list from malware scanning, turn on Always allow apps in the safe app list.
    2. To automatically block apps on the unsafe list, turn on Always block apps in the restricted app list.
    3. If you want to scan system apps that are preinstalled in the system partition on the device, turn on Scan system apps.
    4. If you want to enable the upload of apps to the Aurora Protect Mobile services over a Wi-Fi connection, turn on Upload app packages for safety check over a Wi-Fi connection. Specify, in MB, the maximum size of an app that can be uploaded over Wi-Fi, and the maximum size of all apps that can be uploaded in a month (30 days). If either maximum is exceeded, the upload does not occur and an error is added to the device log.
    5. If you want to enable the upload of apps to the Aurora Protect Mobile services over a mobile network, turn on Upload app packages for safety check over a mobile network connection. Specify, in MB, the maximum size of an app that can be uploaded over a mobile network, and the maximum size of all apps that can be uploaded in a month (30 days). If either maximum is exceeded, the upload does not occur and an error is added to the device log.

    Feature: Unsupported device model
    Platform: Android, iOS
    Additional steps: Click Edit and select the device models that you want to restrict.

    Feature: Unsupported OS
    Platform: Android, iOS
    Additional steps: Add the available OS versions to the supported and unsupported lists based on your organization's security standards.

    Feature: SafetyNet or Play Integrity attestation failure
    Platform: Android
    Additional steps: If you want to enable Compatibility Test Suite matching for the Aurora Protect Mobile app, turn on Enable CTS profile matching.

    Feature: Hardware attestation failure
    Platform: Android
    Additional steps:
    1. In the Minimum security level required drop-down list, click the appropriate level. For more information, see SecurityLevel on the Android Developers site.
    2. If you want to enforce a minimum security patch level on devices, turn on Security patch level. Add the appropriate device models and specify the security patch date.

    Feature: Insecure Wi-Fi
    Platform: Android
    Additional steps: Add the available Wi-Fi access algorithms to the safe and unsafe lists based on your organization's security standards.

    Feature: Unsafe message
    Platform: Android, iOS
    Additional steps:
    1. In the Scanning option drop-down list, select one of the following:
      • If you want to send messages to the Aurora Protect Mobile services to determine if they are safe, click Cloud scanning.
      • If you want to use only the local machine learning models of the Aurora Protect Mobile app to identify unsafe URLs, click On-device scanning.
      • If you want to disable URL scanning, click No scanning.
    2. For Android devices, in the Start scanning offset field, specify, in hours, the age of text messages that are eligible for scanning. If you specify 0, only new messages are eligible for scanning.
  7. If you want to configure risk assessment settings for Aurora Protect Mobile alerts, do the following:
    1. In the Risk Assessment section, click Add Detections.
    2. Drag and drop the detections to the risk level that you want to apply to them. For information about the detections, see Key features of Aurora Protect Mobile.
  8. Click Save.
  • Assign the policy to users and groups.
  • If necessary, rank policies.
  • Create and assign an enrollment policy to users. After users are assigned an enrollment policy, they receive an email with instructions to download and activate the Aurora Protect Mobile app. For more information, see the Endpoint Defense User Guide.
    • Instruct users to enable JavaScript in their default mobile browser (the Aurora Protect Mobile app supports Google Chrome, Samsung Internet, and Safari). This is required to activate the Aurora Protect Mobile app.
    • Instruct Android users to allow background activity for the Aurora Protect Mobile app after it is installed.